I installed Ubuntu 12.04 a few weeks ago and am considering encrypting my home directory.
Excuse the fuzzy thinking, but if the directory is encrypted and I am actively using various programs, is it unencrypted, partially unencrypted, or unchanged and still encrypted?

1 Answer

After you have encrypted your home directory using the ecryptfs-migrate-home command, your home directory is always encrypted, irrespective of what various programs you are actively using.

You can see the encrypted files in /home/.ecryptfs/matthew/.Private. What you see in the /home/matthew directory is actually the decrypted version of the files present in /home/.ecryptfs/matthew/.Private. Note that the files present in /home/matthew are not saved anywhere; they are just decrypted on the fly.

For example, when you try to access /home/matthew/myfile.txt, ecryptfs will look for the encrypted version of this file in /home/.ecryptfs/matthew/.Private, decrypt it and display the decrypted version as /home/matthew/myfile.txt.

Similarly, when you write to the file /home/matthew/myfile.txt, ecryptfs will encrypt the content and save it inside /home/.ecryptfs/matthew/.Private instead.

This is actually completely seamless and transparent to the user. You can access your home directory just like you used to before encryption.

Your files are inaccessible until you log in (the /home/matthew directory is almost empty; some files are present to make the encryption work). However, do note that once you log in, /home/matthew will be mounted to show the decrypted version of /home/.ecryptfs/matthew/.Private, and any running programs will be able to access the files available in your home directory.

I hope this clears your doubts.

P.S. Record and make a note of the key that ecryptfs provides after the setup procedure. In case anything bad happens (e.g., operating system crashes), without this key your files will be inaccessible.
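
One way to check which of the two states described above a home directory is in, as an added example that is not part of the original answer: it looks for an eCryptfs mount over the home directory in a mount table in /proc/mounts format. The sample table is constructed, its signature values are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a user's home is currently the decrypted
# eCryptfs view, by reading a mount table in /proc/mounts format.

# Constructed sample mount table (signature values are placeholders).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/home/.ecryptfs/matthew/.Private /home/matthew ecryptfs rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=PLACEHOLDER,ecryptfs_sig=PLACEHOLDER,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# ecryptfs_lower_dir MOUNTPOINT [MOUNTS_FILE]
# Prints the encrypted lower directory backing MOUNTPOINT and returns 0,
# or prints nothing and returns 1 when MOUNTPOINT is not an eCryptfs mount.
# MOUNTS_FILE defaults to /proc/mounts; "-" reads the table from stdin.
ecryptfs_lower_dir() {
    mp=$1
    table=${2:-/proc/mounts}
    awk -v mp="$mp" '
        $2 == mp && $3 == "ecryptfs" { lower = $1 }
        END { if (lower == "") exit 1; print lower }
    ' "$table"
}

# home_state USER [MOUNTS_FILE]
# Summarises what programs running as USER can see right now.
home_state() {
    if lower=$(ecryptfs_lower_dir "/home/$1" "${2:-/proc/mounts}"); then
        echo "decrypted view mounted (ciphertext in $lower)"
    else
        echo "no eCryptfs mount at /home/$1"
    fi
}

# Demo against the constructed table; call home_state "$USER" with no
# second argument to query the live system instead.
sample_mounts | home_state matthew -
```

While the mount is present, every process running with the user's permissions reads plaintext through /home/matthew; the encryption protects the files only when the mount is absent, for example after logout or when the disk is read from another system.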